Are domain controllers using correct DNS settings?

DNS is an integral part of Active Directory subsystem. Without DNS, Active Directory functionality will not work. DNS is required when authenticating the client computers, when GPO settings are applied to users and computers and so on. The domain controllers must be configured to use the correct DNS settings in TCP/IP property of the network card. For example, if you have four domain controllers in an Active Directory domain and if all domain controllers are running DNS server role then the settings on DNS TCP/IP property must be configured to use DNS server IP of each other domain controller in order to avoid resolution failures. The domain controllers connect to each other to exchange security tokens and to replicate changes. Before the changes can be replicated the domain controllers find its replication partner by sending a query to the local DNS server. There are many other functions of a domain controller that require DNS. This article provides a PowerShell script that can be used to check how many DNS servers are configured in the TCP/IP property of a domain controller. It doesn’t check to ensure the domain controller is using the correct DNS server IP address, though.

What does this PowerShell script do?

The DNS PowerShell script provided in this article performs the following operations:

  • Collects all domain controllers specified in a text file named C:\Temp\DCServers.TXT.
  • Collects Network Card information from the target domain controller using Win32_NetworkAdapterConfiguration class.
  • The PowerShell script checks to make sure the domain controller is configured with at least two DNS servers. If it finds a domain controller is configured with just one IP Address it reports the domain controller name and DNS Server IP configured in the report file.
  • There is no special PowerShell module required for this script to work as it uses Windows default PowerShell and WMI Class to get data and report back to the report file.

PowerShell script to check DNS settings

Executing this PowerShell script will generate a report in CSV format. The report file can be found at C:\Temp\DCDNSReport.CSV. You need to provide the domain controller names one per line in the C:\Temp\DCServers.TXT before executing the script.

$GDCList="C:\Temp\DCServers.TXT"
$DCDNSREport = "C:\Temp\DCDNSReport.CSV"
$ThisString="Domain Controller,Connection,Command Status, Network Adapter Description, IP Address,Subnet,Default Gateway,DNS Servers,Final Status"
Add-Content $DCDNSREport $ThisString
$AnyGap = "No"
Foreach ($ItemName in Get-Content "$GDCList")
{
$nwINFO = Get-WmiObject -ComputerName $ItemName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPAddress -ne $null }
foreach ($NIC in $nwINFO)
{
$nwServerName = $NIC.DNSHostName
$nwDescrip = $NIC.Description
$nwIPADDR = $NIC.IPAddress
$nwSUBNET = $NIC.IpSubnet
$nwGateWay = $NIC.DefaultIPGateway
$nwMacADD = $NIC.MACAddress
$nwDNS = $NIC.DNSServerSearchOrder
$FinalStatus="Ok"
IF ($NwDNS.Count -lt 2)
{
$FinStatus ="Not enough DNS Servers have been configured on this domain controller."
$AnyGap = "Yes"
}
$FinalSTR = $ItemName+","+$DCConError+","+$ComConError+","+$nwDescrip+","+$nwIPADDR+","+$nwSUBNET+","+$nwGateWay+","+'"'+$NWDNS+'"'+","+$FinStatus
Add-Content "$TestCSVFile" $FinalSTR
}
}
IF ($AnyGap -eq "Yes")
{
$TestText = "Some Domain Controllers have not been configured with enough DNS Servers in the TCP/IP property of the network card. Please check FinalStatus column of the output and check which Domain Controller required updating with DNS configuration. It is recommended to configure domain controllers with at least 2 DNS Servers."
}

 

Once the PowerShell script has finished executing, you can see a report under “C:\Temp\DNSDCReport.CSV,” which contains the columns such as domain controller name, network adapter description, IP address, subnet, default gateway, DNS servers, and the Final Status column indicating the issue with the DNS TCP/IP configuration.

DNS settings

As you can see, the output script reported four domain controllers from TechGenix.com that do not have enough DNS servers configured. It is always recommended to configure at least two DNS servers in the TCP/IP property of each domain controller to avoid name resolution failures. Once you have the report you can take actions accordingly.

The PowerShell script was retrieved from the “Domain Controllers DNS Configuration Test” Dynamic Pack, which is part of Active Directory Health Profiler.

DNS settings and Active Directory

As we explained, DNS is a requirement for Active Directory to work efficiently. Each domain controller must be configured to use at least two DNS Servers in the TCP/IP property of the network card to avoid name resolution failures. We provided a PowerShell script that can report on the TCP/IP DNS server configuration on each domain controller.

About The Author

5 thoughts on “Are domain controllers using correct DNS settings?”

  1. Antonio Cicero Rodrigues

    Add-Content : Não é possível associar o argumento ao parâmetro ‘Path’ porque ele é uma cadeia de caracteres vazia.
    No D:\dc.ps1:25 caractere:13
    + Add-Content “$TestCSVFile” $FinalSTR
    + ~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Add-Content], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Microsoft.PowerShell.Commands.AddContentCommand

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top